From a13e3e65d602dccdf36c95f9f19aa3f354059c04 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Fri, 1 Dec 2023 15:14:29 +0100
Subject: [PATCH 1/3] remove stigid from rule no longer selected in RHEL 8 STIG
---
 .../auditing/policy_rules/audit_immutable_login_uids/rule.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
index 663c3cfcdec..19822b88d4d 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
@@ -35,7 +35,6 @@ references:
 ospp: FAU_GEN.1.2
 srg: SRG-OS-000462-GPOS-00206,SRG-OS-000475-GPOS-00220,SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-APP-000121-CTR-000255,SRG-APP-000495-CTR-001235
 stigid@ol8: OL08-00-030122
- stigid@rhel8: RHEL-08-030122
 stigid@rhel9: RHEL-09-654270
 ocil_clause: 'the file does not exist or the content differs'
From b757e292dbcc3b1b67c449866c1c9edb32e94b5f Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Fri, 1 Dec 2023 15:21:10 +0100
Subject: [PATCH 2/3] replace audit_immutable_login_uids with audit_rules_immutable_login_uids in rhel9 stig the rule is more versatile
---
 controls/stig_rhel9.yml | 2 +-
 .../audit_rules_immutable_login_uids/rule.yml | 1 +
 .../auditing/policy_rules/audit_immutable_login_uids/rule.yml | 1 -
 3 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/controls/stig_rhel9.yml b/controls/stig_rhel9.yml
index b576ba08c3e..73d9e9e1aa5 100644
--- a/controls/stig_rhel9.yml
+++ b/controls/stig_rhel9.yml
@@ -4114,7 +4114,7 @@ controls:
 - medium
 title: RHEL 9 audit system must protect logon UIDs from unauthorized change.
 rules:
- - audit_immutable_login_uids
+ - audit_rules_immutable_login_uids
 status: automated
 - id: RHEL-09-654275
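Review bot: The swap to `- audit_rules_immutable_login_uids` changes what is assessed for this control (presumably RHEL-09-654270, going by the `stigid@rhel9` line moved in the same patch), and neither the control entry nor the commit message ("the rule is more versatile") records how. Judging by the `ocil_clause` context lines in this series, the old rule fails when a file is missing or its content differs, while the new one fails when the system is not configured to make login UIDs immutable, so the pass criteria are not the same. I would add a comment above the rule, e.g. `# checks the audit configuration for login UID immutability, not the content of one fixed rules file`, and confirm that no RHEL 9 profile still selects `audit_immutable_login_uids` alongside it. The control entry begins above this hunk, so its `id` and `levels` keys are not fully visible here.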
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml
index 46e249efbb5..6a8ea53fc51 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml
@@ -33,6 +33,7 @@ references:
 disa: CCI-000162,CCI-000163,CCI-000164
 srg: SRG-OS-000462-GPOS-00206,SRG-OS-000475-GPOS-00220,SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029
 stigid@rhel8: RHEL-08-030122
+ stigid@rhel9: RHEL-09-654270
 ocil_clause: 'the system is not configured to make login UIDs immutable'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
index 19822b88d4d..04333204f2c 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
@@ -35,7 +35,6 @@ references:
 ospp: FAU_GEN.1.2
 srg: SRG-OS-000462-GPOS-00206,SRG-OS-000475-GPOS-00220,SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-APP-000121-CTR-000255,SRG-APP-000495-CTR-001235
 stigid@ol8: OL08-00-030122
- stigid@rhel9: RHEL-09-654270
 ocil_clause: 'the file does not exist or the content differs'
From 355ac5ff6adce68a003ea19d7ad48aa9acdc4f17 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek
Date: Fri, 1 Dec 2023 15:45:21 +0100
Subject: [PATCH 3/3] remove stigid from rule passwd_system-auth_substack because it is not selected in rhel7 stig profile
---
 .../password_quality/passwd_system-auth_substack/rule.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/passwd_system-auth_substack/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/passwd_system-auth_substack/rule.yml
index 89b82af3f26..55d3e47a540 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/passwd_system-auth_substack/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/passwd_system-auth_substack/rule.yml
@@ -19,7 +19,6 @@ references:
 nist: IA-5(1)(a),IA-5(1).1(v),IA-5(1)(a)
 srg: SRG-OS-000069-GPOS-00037
 stigid@ol7: OL07-00-010118
- stigid@rhel7: RHEL-07-010118
 ocil_clause: '/etc/pam.d/passwd does not implement /etc/pam.d/system-auth'